IT Audit Career Path and the Certified Information Systems Auditor (CISA) Certification
IT Audit is a great career path for those looking to transition to a career in IT. I worked in the IT Audit field for many years and still work in an area that is close to it. One reason I love the IT Audit Career path so much is because it is a versatile field with many benefits.
- Do you have an analytical/investigative mind?
- Do you like to learn about different types of technologies?
- Are you good at data analysis (Excel guru)?
If any of the above describes you, you might be a good candidate for a career in IT audit.
Why an IT Audit Career?
The IT Audit career path is an evergreen one. There are many job opportunities out there for IT Audit because it is related to regulatory compliance. Regulatory compliance is a requirement for many organizations, so jobs in this field are not going anywhere anytime soon.
One of the great things about IT audit is that it introduces you to many other departments within an organization. That introduction is important because it makes it easier for you to transition to those departments, if you want to, later in your career.
IT Audit is also a great place to start if you are interested in a career path in the Information Security/Cybersecurity area. Many of the concepts related to Cybersecurity are required to work in IT Audit. As you become a more experienced IT Auditor, you get more knowledge that you can use as a Cybersecurity professional.
In addition, IT Audit does not require you to have a technical degree in order to start a career in that field. Many people that I know in IT Audit have no IT background and are still quite successful.
Take a look at the average salary.
Salary: The average annual salary for IT Auditors is around $93,446.
What IT Auditors Do
IT Auditors are responsible for evaluating the controls within and around the Information systems of organizations. This evaluation is to determine if adequate controls exist to keep the systems compliant with various organizational or regulatory policies.
In layman terms, IT auditors are checking to see if the controls in the IT system are effective in keeping things secure.
When IT Auditors find security-related compliance issues, the Information Security/Cybersecurity analysts are typically the ones to address the issue.
While this is a great career path on its own, it can be used as leverage to get into Cybersecurity. This leverage is possible because a lot of the technical skills are similar.
As an IT Auditor, you would typically work with other audit team members to prepare and execute audit plans. These audit plans are generally prepared to evaluate how well the organization’s systems are set up.
Sometimes, IT auditors work for a specific organization and evaluate that organization’s systems. Other times, IT auditors work for consulting firms that evaluate the systems of other organizations that are their clients.
Technical Skills Required
While you do not need a technical degree to start in this IT career path, you still need a good amount of knowledge and technical skills. You need to know about various IT systems and how they generally work for you to be successful. Knowing how systems work make it possible for you to audit those systems.
Also, since most organizations have multiple systems, you will need knowledge about many different technologies to effectively audit those systems. The good thing is that you can start on a lower entry-level position where limited skills are required. Then you can gradually work your way up the ladder to an expert.
Here are some of the popular technical skills needed to become an Information Technology Auditor:
- IT Security Controls
- Computer networks (Firewalls, VPN)
- Intrusion Detection
- Cloud Security
- Penetration Testing
- Risk Management
- IT System Change Management
If you are interested, I have a course that provides a great introduction to the IT Audit field. You can check out the course HERE.
Relevant Certifications
There are many different certifications that you can consider when you want to start the IT Audit career path.
Below are some relevant certifications related to some of the technical skills listed above. Please note that not all of the technical skills have certifications linked to them.
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- CompTIA Security+
- CISSP – Certified Information Systems Security Professional
- CIA – Certified Internal Auditor
- CEH – Certified Ethical Hacker
Many of these certifications require some level of experience. So, if you are completely new to the field, you may need some time before you can get the certification. However, you can still start working in the field without the certification and then apply as you meet the requirements.
The most popular certification for IT Audit is the CISA certification. The rest of this article will provide more details about the CISA certification.
Certified Information Systems Auditor (CISA) Certification
The CISA certification is offered by ISACA. ISACA’s purpose is to “help business technology professionals and their enterprises around the world realize the positive potential of technology”. ISACA focuses on roles within assurance, governance, risk and information security. The ISACA organization has been around for a long time as they recently celebrated their 50th anniversary in 2019.
ISACA also offers these other certifications related to IT Audit and governance.
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- CRISC – Certified in Risk and Information Systems Control
- CGEIT – Certified in Governance of Enterprise IT
- CSX-P – Cybersecurity Practitioner
- CDPSE – Certified Data Privacy Solutions Engineer
From the list above, you can see that ISACA is an authority when it comes to IT Audit and Compliance. The focus of this post is the CISA certification. I will review other certifications in other posts.
Why the CISA certification?
The CISA certification is a globally recognized certification that signals to employers that you are an IT audit expert. By having this certification, you signal to recruiters that you can audit, control, monitor, and assess an organization’s information technology and business systems.
When you get some time, perform a quick search of IT Audit jobs and look at their job descriptions. You will quickly notice that the CISA certification is listed for many of the higher-level positions.
This means that if you want an IT audit career career, you need to consider getting this certification.
How to get your CISA Certification
There are 3 steps you need to complete to obtain the CISA certification.
1. Pass the CISA Exam
Some certifications require you to have experience before taking the exam, like the PMP. However, ISACA allows you to take the exam even if you do not have the experience. You have to get the experience and apply for the certification within 5 years of taking the exam.
You can now take the proctored exam online without leaving your house.
The CISA exam is a 150-question exam, and you are given 4 hours to complete the exam. The score is on a scale of 200 to 800 and you have to score at least 450 to pass the exam.
You need to prepare vigorously for the CISA exam. The questions are worded in specific ways, and your responses must line up with what ISACA expects.
I passed the exam on the first try BUT it took a lot of preparation! You can check out this post on tips to pass your IT certification exam the first time.
Exam Study Materials
You can find the ISACA recommended study materials on their site. However, you do not need to obtain all their resources.
Here are the CISA exam study guides that I recommend you consider in preparation for the exam. You do not need all these materials. Just select the ones that work for you.
- The official CISA Review Manual
- Udemy has several CISA courses on passing the CISA exam. I have not taken any of these, but several have high review scores and are highly recommended by the students. Udemy always has a sale going on (up to 90% sometimes). So, either look for a coupon online or wait for their sale before purchasing.
- If you want more practice tests, you can also check Udemy, , or any other site you find online. My #1 recommendation for the CISA exam is to take as many full-length practice exams as possible. I recommend you take the exams until you score above 85% before your exam date.
There are 2 reasons for taking practice tests. First, you can identify areas where you need further study so you can focus. Second, you can gauge your preparation for the real exam and increase your chances of passing.
You can get the free IT Certification Study Plan template sent to your email by filling the form below.
2. Apply for the certification
After you pass the exam, you need to apply to get the certification. To apply for the certification, you must meet specific criteria. You need to prove that you meet these qualifications in your application before your certification is approved.
- Successfully pass the CISA exam within 5 years of applying for the certification
- Agree to adhere to the Code of Professional Ethics and the Continuing Professional Education (CPE) Policy
- Agree to comply with CISA Standards
- Demonstrate the required work experience (5 years of auditing, controls, or security experience). Some substitutions and waivers are allowed based on whether the applicant has a 2-year college, 4-year college, or master’s degree.
3. Maintain Your Certification
After you have passed the exam and obtained the certification, you need to maintain it with continuing education.
You need at least 20 Continuing Professional Education (CPE) credits every year, and at least 120 CPE credits every 3 years. If you do the math, you really need at least 40 CPE credits every year to meet the 3-year requirements.
The ISACA site has a list of ways to earn CPE credit from ISACA.
You are required to record the CPEs you’ve completed on the ISACA site. If you do not complete adequate CPEs, you risk losing the certification you worked so hard to obtain.
IT Audit Courses
If you want courses that teaches about IT Audits using a practical, hands-on approach, then check out these courses that I offer.
- IT Audit Fundamentals: Introduction to IT Audit, Controls and Controls Testing: A foundational course that teaches the basics of IT Audits and Controls with 10 practical learning activities, quizzes, and assignments. This course has almost 200 students and great reviews!
- IT Audit Fundamentals Comprehensive Program: A practical, hands-on program that teaches you how to perform IT Audits like an experienced professional in 6-weeks.
You can also join the IT Audit Fundamentals Facebook group to connect with other IT Auditors.
Find IT Audit Jobs
ISACA has a website dedicated to project management jobs at https://jobs.isaca.org/jobseekers/.
Here are some other sites where you can search for IT Audit jobs, including remote jobs.
There you have it. The steps you need to take to obtain the CISA certification for the IT Audit career path in IT. Do you have the CISA, or are you considering getting the certification? If you plan to take the CISA certification, which of the resources above do you think you will use for the CISA exam?
You can also check out these other posts related to IT careers.